Acer Aspire BIOS vulnerability
CVE-2022-4020

8.1HIGH

Key Information:

Vendor: Acer
Status: Aspire A315-22; Aspire A115-21; Aspire A315-22g; Extensa Ex215-21
Vendor: CVE Published:; 28 November 2022

What is CVE-2022-4020?

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aspire A115-21 1.04 < 1.11

Aspire A315-22 1.04 < 1.11

Aspire A315-22G 1.04 < 1.11

References

https://community.acer.com/en/kb/articles/15520-security-...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 28, 2022
Vulnerability Reserved
Nov 16, 2022

Credit

Martin Smolár @ ESET

JSON

Acer